Thanks! merged to master.
Bruce On Mon, May 4, 2015 at 1:51 PM, Bogdan Purcareata <[email protected]> wrote: > Add command line parameter to create Busybox containers > with OpenSSH support. As a prerequisite, OpenSSH needs > to be installed on the host system. > > Signed-off-by: Bogdan Purcareata <[email protected]> > --- > .../files/lxc-busybox-add-OpenSSH-support.patch | 246 > +++++++++++++++++++++ > .../files/make-some-OpenSSH-tools-optional.patch | 49 ++++ > recipes-containers/lxc/lxc_1.0.7.bb | 2 + > 3 files changed, 297 insertions(+) > create mode 100644 > recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch > create mode 100644 > recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch > > diff --git > a/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch > b/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch > new file mode 100644 > index 0000000..f2f332c > --- /dev/null > +++ b/recipes-containers/lxc/files/lxc-busybox-add-OpenSSH-support.patch 
> @@ -0,0 +1,246 @@ > +From ed52814c776963efdcc9dcda1ec26fc09930ef93 Mon Sep 17 00:00:00 2001 > +From: Bogdan Purcareata <[email protected]> > +Date: Wed, 22 Apr 2015 14:53:32 +0000 > +Subject: [PATCH] lxc-busybox: add OpenSSH support > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +Add an additional template parameter for SSH support in the container. > Currently > +this can be implemented using the Dropbear or OpenSSH utility. The respective > +tool needs to be available on the host Linux. > + > +If the parameter is omitted, the template will look for the Dropbear utility > on > +the host and install it if it is available (legacy behavior). > + > +Adding OpenSSH support has been done following the model in the lxc-sshd > +template. > + > +Upstream-status: Accepted > +[https://github.com/lxc/lxc/commit/ed52814c776963efdcc9dcda1ec26fc09930ef93] > + > +Signed-off-by: Bogdan Purcareata <[email protected]> > +Acked-by: Stéphane Graber <[email protected]> > +--- > + templates/lxc-busybox.in | 169 > ++++++++++++++++++++++++++++++++++++++--------- > + 1 file changed, 139 insertions(+), 30 deletions(-) > + > +diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in > +index 7e05bd6..95961a3 100644 > +--- a/templates/lxc-busybox.in > ++++ b/templates/lxc-busybox.in > +@@ -22,6 +22,7 @@ > + > + LXC_MAPPED_UID= > + LXC_MAPPED_GID= > ++SSH= > + > + # Make sure the usual locations are in PATH > + export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin > +@@ -160,6 +161,116 @@ EOF > + return $res > + } > + > ++install_dropbear() > ++{ > ++ # copy dropbear binary > ++ cp $(which dropbear) $rootfs/usr/sbin > ++ if [ $? 
-ne 0 ]; then > ++ echo "Failed to copy dropbear in the rootfs" > ++ return 1 > ++ fi > ++ > ++ # make symlinks to various ssh utilities > ++ utils="\ > ++ $rootfs/usr/bin/dbclient \ > ++ $rootfs/usr/bin/scp \ > ++ $rootfs/usr/bin/ssh \ > ++ $rootfs/usr/sbin/dropbearkey \ > ++ $rootfs/usr/sbin/dropbearconvert \ > ++ " > ++ echo $utils | xargs -n1 ln -s /usr/sbin/dropbear > ++ > ++ # add necessary config files > ++ mkdir $rootfs/etc/dropbear > ++ dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > > /dev/null 2>&1 > ++ dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > > /dev/null 2>&1 > ++ > ++ echo "'dropbear' ssh utility installed" > ++ > ++ return 0 > ++} > ++ > ++install_openssh() > ++{ > ++ # tools to be installed > ++ server_utils="sshd" > ++ client_utils="\ > ++ ssh \ > ++ scp \ > ++ sftp \ > ++ ssh-add \ > ++ ssh-agent \ > ++ ssh-keygen \ > ++ ssh-keyscan \ > ++ ssh-argv0 \ > ++ ssh-copy-id \ > ++ " > ++ > ++ # new folders used by ssh > ++ ssh_tree="\ > ++$rootfs/etc/ssh \ > ++$rootfs/var/empty/sshd \ > ++$rootfs/var/lib/empty/sshd \ > ++$rootfs/var/run/sshd \ > ++" > ++ > ++ # create folder structure > ++ mkdir -p $ssh_tree > ++ if [ $? -ne 0 ]; then > ++ return 1 > ++ fi > ++ > ++ # copy binaries > ++ for bin in $server_utils $client_utils; do > ++ tool_path=`which $bin` > ++ cp $tool_path $rootfs/$tool_path > ++ if [ $? 
-ne 0 ]; then > ++ echo "Unable to copy $tool_path in the rootfs" > ++ return 1 > ++ fi > ++ done > ++ > ++ # add user and group > ++ cat <<EOF >> $rootfs/etc/passwd > ++sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin > ++EOF > ++ > ++ cat <<EOF >> $rootfs/etc/group > ++sshd:x:74: > ++EOF > ++ > ++ # generate container keys > ++ ssh-keygen -t rsa -N "" -f $rootfs/etc/ssh/ssh_host_rsa_key >/dev/null > 2>&1 > ++ ssh-keygen -t dsa -N "" -f $rootfs/etc/ssh/ssh_host_dsa_key >/dev/null > 2>&1 > ++ > ++ # by default setup root password with no password > ++ cat <<EOF > $rootfs/etc/ssh/sshd_config > ++Port 22 > ++Protocol 2 > ++HostKey /etc/ssh/ssh_host_rsa_key > ++HostKey /etc/ssh/ssh_host_dsa_key > ++UsePrivilegeSeparation yes > ++KeyRegenerationInterval 3600 > ++ServerKeyBits 768 > ++SyslogFacility AUTH > ++LogLevel INFO > ++LoginGraceTime 120 > ++PermitRootLogin yes > ++StrictModes yes > ++RSAAuthentication yes > ++PubkeyAuthentication yes > ++IgnoreRhosts yes > ++RhostsRSAAuthentication no > ++HostbasedAuthentication no > ++PermitEmptyPasswords yes > ++ChallengeResponseAuthentication no > ++EOF > ++ > ++ echo "'OpenSSH' utility installed" > ++ > ++ return 0 > ++} > ++ > + configure_busybox() > + { > + rootfs=$1 > +@@ -230,34 +341,6 @@ EOF > + lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE > + rm $CHPASSWD_FILE > + > +- # add ssh functionality if dropbear package available on host > +- which dropbear >/dev/null 2>&1 > +- if [ $? -eq 0 ]; then > +- # copy dropbear binary > +- cp $(which dropbear) $rootfs/usr/sbin > +- if [ $? 
-ne 0 ]; then > +- echo "Failed to copy dropbear in the rootfs" > +- return 1 > +- fi > +- > +- # make symlinks to various ssh utilities > +- utils="\ > +- $rootfs/usr/bin/dbclient \ > +- $rootfs/usr/bin/scp \ > +- $rootfs/usr/bin/ssh \ > +- $rootfs/usr/sbin/dropbearkey \ > +- $rootfs/usr/sbin/dropbearconvert \ > +- " > +- echo $utils | xargs -n1 ln -s /usr/sbin/dropbear > +- > +- # add necessary config files > +- mkdir $rootfs/etc/dropbear > +- dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > > /dev/null 2>&1 > +- dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > > /dev/null 2>&1 > +- > +- echo "'dropbear' ssh utility installed" > +- fi > +- > + return 0 > + } > + > +@@ -315,12 +398,12 @@ remap_userns() > + usage() > + { > + cat <<EOF > +-$1 -h|--help -p|--path=<path> > ++$1 -h|--help -p|--path=<path> -s|--ssh={dropbear,openssh} > + EOF > + return 0 > + } > + > +-options=$(getopt -o hp:n: -l > help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@") > ++options=$(getopt -o hp:n:s: -l > help,rootfs:,path:,name:,mapped-uid:,mapped-gid:,ssh: -- "$@") > + if [ $? -ne 0 ]; then > + usage $(basename $0) > + exit 1 > +@@ -336,6 +419,7 @@ do > + -n|--name) name=$2; shift 2;; > + --mapped-uid) LXC_MAPPED_UID=$2; shift 2;; > + --mapped-gid) LXC_MAPPED_GID=$2; shift 2;; > ++ -s|--ssh) SSH=$2; shift 2;; > + --) shift 1; break ;; > + *) break ;; > + esac > +@@ -384,3 +468,28 @@ if [ $? -ne 0 ]; then > + echo "failed to remap files to user" > + exit 1 > + fi > ++ > ++if [ -n "$SSH" ]; then > ++ case "$SSH" in > ++ "dropbear") > ++ install_dropbear > ++ if [ $? -ne 0 ]; then > ++ echo "Unable to install 'dropbear' ssh utility" > ++ exit 1 > ++ fi ;; > ++ "openssh") > ++ install_openssh > ++ if [ $? -ne 0 ]; then > ++ echo "Unable to install 'OpenSSH' utility" > ++ exit 1 > ++ fi ;; > ++ *) > ++ echo "$SSH: unrecognized ssh utility" > ++ exit 1 > ++ esac > ++else > ++ which dropbear >/dev/null 2>&1 > ++ if [ $? 
-eq 0 ]; then > ++ install_dropbear > ++ fi > ++fi > +-- > +2.1.4 > + > diff --git > a/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch > b/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch > new file mode 100644 > index 0000000..2d28788 > --- /dev/null > +++ b/recipes-containers/lxc/files/make-some-OpenSSH-tools-optional.patch > @@ -0,0 +1,49 @@ > +From 34be0d3cd8c4eaca9929470bc8bce5e74975bccf Mon Sep 17 00:00:00 2001 > +From: Bogdan Purcareata <[email protected]> > +Date: Thu, 23 Apr 2015 08:33:00 +0000 > +Subject: [PATCH] lxc-busybox: make some OpenSSH tools optional > + > +Currently, when installing OpenSSH in a Busybox container, the template > searches > +for all the OpenSSH client binaries available in the Debian distro package. > The > +included tools might differ from distro to distro, so make part of the tools > +optional. The mandatory tools, without which installing OpenSSH fails, are > +"sshd" for the server and "ssh" and "scp" for the client. > + > +Upstream-Status: Submitted > +[https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-April/011696.html] > + > +Signed-off-by: Bogdan Purcareata <[email protected]> > +--- > + templates/lxc-busybox.in | 9 +++++++++ > + 1 file changed, 9 insertions(+) > + > +diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in > +index 95961a3..17a3006 100644 > +--- a/templates/lxc-busybox.in > ++++ b/templates/lxc-busybox.in > +@@ -197,6 +197,8 @@ install_openssh() > + client_utils="\ > + ssh \ > + scp \ > ++ " > ++ client_optional_utils="\ > + sftp \ > + ssh-add \ > + ssh-agent \ > +@@ -230,6 +232,13 @@ $rootfs/var/run/sshd \ > + fi > + done > + > ++ for bin in $client_optional_utils; do > ++ tool_path=`which $bin` > ++ if [ $? -eq 0 ]; then > ++ cp $tool_path $rootfs/$tool_path > ++ fi > ++ done > ++ > + # add user and group > + cat <<EOF >> $rootfs/etc/passwd > + sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin > +-- > +2.1.4 > + 
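Review bot: The `sshd_config` heredoc written by `install_openssh` combines `PermitRootLogin yes` with `PermitEmptyPasswords yes`, so every container built with `--ssh=openssh` will accept a root login with no password if the root account ends up with an empty one. Whether it does is decided in `configure_busybox`, outside the lines shown here, but the comment `# by default setup root password with no password` suggests it is intended. I would ship `PermitEmptyPasswords no` and `PermitRootLogin without-password`, and let users who want a throwaway open container opt in explicitly. The two `ssh-keygen` calls also send all output to `/dev/null` without checking `$?`, so a failed host-key generation still prints "'OpenSSH' utility installed"; add `|| return 1` to each. The DSA host key and the `ServerKeyBits 768` / `KeyRegenerationInterval` / `RSAAuthentication` lines are protocol-1-era settings that `Protocol 2` makes unnecessary and could be dropped.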
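Review bot: The new `client_optional_utils` loop in `install_openssh` runs `cp $tool_path $rootfs/$tool_path` without checking the result or making sure the destination directory exists in the rootfs. A tool that the host keeps in a directory the Busybox tree lacks therefore produces a raw `cp` error and is skipped with no message from the template. Creating the directory first and quoting the expansions would make this predictable: `mkdir -p "$rootfs$(dirname "$tool_path")" && cp "$tool_path" "$rootfs$tool_path" || echo "Skipping optional tool $bin"`. The mandatory loop above it has the same unquoted `$rootfs/$tool_path` copy. The body of `install_openssh` continues outside this hunk.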
> diff --git a/recipes-containers/lxc/lxc_1.0.7.bb > b/recipes-containers/lxc/lxc_1.0.7.bb > index 0da1e37..f79ba76 100644 > --- a/recipes-containers/lxc/lxc_1.0.7.bb > +++ b/recipes-containers/lxc/lxc_1.0.7.bb > @@ -32,6 +32,8 @@ SRC_URI = > "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \ > file://lxc-busybox-use-lxc.rebootsignal-SIGTERM.patch \ > file://ppc-add-seccomp-support-for-lxc.patch \ > file://lxc-fix-B-S.patch \ > + file://lxc-busybox-add-OpenSSH-support.patch \ > + file://make-some-OpenSSH-tools-optional.patch \ > " > > SRC_URI[md5sum] = "b48f468a9bef0e4e140dd723f0a65ad0" > -- > 1.9.1 > > -- > _______________________________________________ > meta-virtualization mailing list > [email protected] > https://lists.yoctoproject.org/listinfo/meta-virtualization -- "Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end" -- _______________________________________________ meta-virtualization mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-virtualization
